ARP Poisoning

ARP (Address Resolution Protocol) is used to find the MAC address of any IP address that you are trying to reach on your local network. It’s a simple protocol and vulnerable to an attack called ARP poisoning (or ARP spoofing).

ARP poisoning is an attack where we send fake ARP reply packets on the network. There are two possible attacks:

MITM (Man in the middle): the attacker will send an ARP reply with its own MAC address and the IP address of a legitimate host, server or router. When the victim receives the ARP reply it will update its ARP table. When it tries to reach the legitimate device, the IP packets will end up at the attacker.

DOS (Denial of Service): the attacker will send many ARP replies with the MAC address of a legitimate server. All devices in the network will update their ARP tables and all IP packets in the network will be sent to the server, overloading it with traffic.
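The MITM case leaves a visible trace: an ARP reply that pairs a known IP address with a different MAC address. The following is an added example, not code from the original lesson. It parses ARP reply payloads and flags that contradiction. The router address and all MAC addresses are constructed sample values, and this passive check is separate from DAI.

```python
import struct
from collections import defaultdict

ARP_REPLY = 2  # ARP opcode for a reply

def parse_arp(payload):
    """Return (opcode, sender_mac, sender_ip) from an Ethernet/IPv4 ARP payload, else None."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        "!HHBBH6s4s6s4s", payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, ":".join(f"{b:02x}" for b in sha), ".".join(str(b) for b in spa)

class ArpWatch:
    """Remember the first MAC seen for each IP and flag replies that contradict it."""
    def __init__(self):
        self.mac_by_ip = {}
        self.ips_by_mac = defaultdict(set)

    def observe(self, payload):
        parsed = parse_arp(payload)
        if parsed is None or parsed[0] != ARP_REPLY:
            return []
        _, mac, ip = parsed
        alerts = []
        known = self.mac_by_ip.setdefault(ip, mac)
        if known != mac:
            # Can also be a legitimate change (new NIC, DHCP reassignment): verify first.
            alerts.append(f"{ip} moved from {known} to {mac}")
        self.ips_by_mac[mac].add(ip)
        if len(self.ips_by_mac[mac]) > 1:
            alerts.append(f"{mac} answers for {sorted(self.ips_by_mac[mac])}")
        return alerts

def sample_reply(mac, ip):
    """Constructed test input: ARP reply payload with the given sender MAC and IP."""
    sha = bytes.fromhex(mac.replace(":", ""))
    spa = bytes(int(p) for p in ip.split("."))
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, ARP_REPLY, sha, spa, bytes(6), bytes(4))

ROUTER_IP = "192.168.1.254"         # assumed; the page does not give the router's address
ROUTER_MAC = "00:00:5e:00:53:fe"    # constructed (documentation range)
ATTACKER_MAC = "00:00:5e:00:53:02"  # constructed

def run_sample():
    """Feed two consistent replies, then one that claims the router's IP from another MAC."""
    watch = ArpWatch()
    replies = [(ROUTER_MAC, ROUTER_IP), (ATTACKER_MAC, "192.168.1.2"), (ATTACKER_MAC, ROUTER_IP)]
    return [watch.observe(sample_reply(mac, ip)) for mac, ip in replies]
```

Only the third reply produces alerts: the router's IP address moves to a new MAC address, and that MAC address now answers for two IP addresses.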

In this lesson we’ll take a look at a MITM attack performed through ARP poisoning. To demonstrate this, we’ll use the following topology:

Above we have a switch that connects two computers and a router, which is used for Internet access. The computer on the left side is a Windows computer with a user browsing the Internet; the computer on the top is our attacker.

Traffic Pattern without ARP Poisoning

Let’s take a look at the MAC addresses and ARP tables of the host on the left side (192.168.1.1) and the router:

Traffic Pattern with ARP Poisoning

There are a number of tools you can use for ARP poisoning. I decided to use Kali, which is a great Linux distribution with plenty of security tools. Kali comes with an application called Ettercap, which offers a couple of MITM (Man in the Middle) attacks.

Do yourself a favor and never try ARP poisoning on any production network. You should always use a lab environment to test any security tools. There are methods to detect ARP poisoning, which we will cover in the DAI (Dynamic ARP Inspection) lesson.

I will launch Ettercap on the host with IP address 192.168.1.2. Before we launch Ettercap, there are a couple of configuration changes we have to make. First, open the etter.conf file:

# vim /etc/ettercap/etter.conf

Now change the “ec_uid” and “ec_gid” values to 0:

[privs]
ec_uid = 0
ec_gid = 0

These values allow Ettercap to get root access, which is required to open network sockets. Also make sure that you have the following two rules in your etter.conf file:

Thanks for all your valuable articles. I want to do this in the lab environment, but at this moment I don’t have any physical router and switch. Is it possible to do it in GNS3 or any other emulation/simulation software where I can do all of your labs?

Both GNS3 (free) and VIRL (paid) can be used for almost all simulations. Some minor topics, like Bi-Direction Forwarding Detection, Unidirectional Link Detection, and a few more, don’t work well (BFD will actually crash GNS3!).

GNS3 is easier to use, and less complicated to set up. The downsides are you have to supply your own IOS images, and GNS3’s support for switching is marginal at best. If you want to practice topics related to routing I would recommend it.

VIRL requires a paid yearly subscription, as well as access to 3rd party emulator software (VMWare
